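#!/bin/bash
# Provision an OpenVPN server on a CentOS/RHEL 6 host (yum, EPEL 6, easy-rsa 2.0).
#
# Steps: turn SELinux off, install OpenVPN + easy-rsa from EPEL, build a PKI
# with easy-rsa (interactive prompts on the terminal), write
# /etc/openvpn/server.conf, enable IPv4 forwarding and open/NAT the VPN port
# with iptables, then copy a client config template for editing.
#
# Must run as root. The easy-rsa build-* scripts prompt for input, so this
# is not an unattended installer as written. Critical steps exit explicitly
# on failure instead of relying on `set -e`, which would also abort reruns
# on benign "already installed" conditions (rpm -ivh).

# SELinux is switched off at runtime and persistently. This removes a
# containment layer from the whole host, not only from openvpn; a targeted
# boolean or "permissive" would be the smaller change. Kept as the author
# wrote it because the rest of the setup was tested against disabled SELinux.
setenforce 0
sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config

yum -y install openssl openssl-devel lzo vim

# The EPEL release package is fetched over plain FTP. rpm can only verify a
# signature against keys that are already trusted, so this first install is
# effectively unverified; an https source or a locally checked copy is the
# safer way to bootstrap the repository.
rpm -ivh ftp://mirror.switch.ch/pool/4/mirror/epel/6/ppc64/epel-release-6-8.noarch.rpm
# Downgrades the EPEL mirrorlist URL from https to http (works around hosts
# without working TLS). yum's per-package GPG check still applies, but the
# mirror list itself is no longer integrity-protected in transit.
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo
yum -y install openvpn easy-rsa

# Everything below that uses relative paths (./build-*, keys/, client.ovpn)
# depends on this cwd, so a failed cd must stop the script rather than run
# the PKI commands wherever the shell happens to be.
cd /usr/share/easy-rsa/2.0/ || exit 1
# Certificate subject defaults come from ./vars; uncomment and `source vars`
# to override them before building the CA.
#vim vars
#export KEY_COUNTRY="CN"
#export KEY_PROVINCE="shanxi"
#export KEY_ORG="redhatxl.cn"
#export KEY_EMAIL="it-arch"
#export KEY_OU="it-arch"
#source vars

# clean-all wipes any existing keys/ directory: a rerun regenerates the CA
# and invalidates every client certificate issued so far.
./clean-all
./build-ca || exit 1
./build-key-server server || exit 1
./build-key client1 || exit 1
./build-dh || exit 1
# Static tls-auth key shared by server and clients.
openvpn --genkey --secret keys/ta.key || exit 1

# Private material (server.key, ta.key) is installed under /etc/openvpn/keys;
# restrict the directory and the secret files to root. mkdir -p keeps reruns
# from failing on an existing directory.
mkdir -p /etc/openvpn/keys
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/ || exit 1
chmod 700 /etc/openvpn/keys
chmod 600 /etc/openvpn/keys/server.key /etc/openvpn/keys/ta.key

# server.conf is written in full here; the packaged sample is not copied
# first because this heredoc would overwrite it anyway. The quoted delimiter
# emits the config verbatim with no shell expansion.
#
# Two settings a reviewer should weigh before deploying:
#  - `duplicate-cn` lets several clients connect with the same certificate,
#    so a copied client cert is not noticed by a second concurrent login.
#  - `comp-lzo` enables compression, which current OpenVPN guidance
#    discourages; drop it unless bandwidth requires it.
cat >/etc/openvpn/server.conf <<'EOF'
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.0.0.0"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth keys/ta.key 0 # This file is secret
comp-lzo
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 5
log-append openvpn.log

EOF

# Enable IPv4 forwarding persistently. The original `s/0/1/` edit was a
# no-op when the key was absent (or commented out) in sysctl.conf; set the
# value if the key exists, otherwise append it.
if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
fi
sysctl -p

# Accept the VPN listener (tcp/1194, matching `proto tcp` above) and NAT the
# tunnel subnet out through the default route. `service iptables save`
# persists the rules. Note: each run appends another copy of both rules;
# remove duplicates manually if the script is rerun.
iptables -I INPUT -p tcp --dport 1194 -m comment --comment "openvpn" -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
service iptables save

# Client template, copied into the easy-rsa directory (cwd). The sample path
# is versioned per openvpn build (the original hard-coded 2.3.12 here and
# 2.3.13 for the server sample), so glob it; this assumes a single installed
# openvpn doc directory. The copy still needs `remote`, ca/cert/key and
# tls-auth entries filled in before it is handed to a client.
cp /usr/share/doc/openvpn-*/sample/sample-config-files/client.conf client.ovpn
#vi testuser.ovpn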